molecule-ai/molecule-core
51
0
Fork 2
Code Issues 164 Pull Requests 154 Actions 13 Packages Projects Releases Wiki Activity

test(e2e): support empty auth headers on mac bash #1648

Merged
hongming merged 1 commits from fix/e2e-bash32-empty-array into main 2026-05-21 19:48:10 +00:00
Conversation 0 Commits 1 Files Changed 3
+9 -9
hongming commented 2026-05-21 19:41:27 +00:00
Owner
Copy Link
Copy Source

What

Fixes local E2E shell helpers so empty optional header arrays work on macOS /bin/bash 3.2 with set -u.

Why

While completing SOP Stage C for the multi-external-workspace work, Docker restart fixed the local infra, but tests/e2e/test_peer_visibility_mcp_local.sh failed before issuing MCP calls because empty ADMIN_AUTH[@] / org_header[@] expansions are unbound under macOS bash 3.2. The script explicitly claims macOS bash 3.2 compatibility, so the gate itself needed the portability fix.

Brief-falsification log

[H1] Local Stage C was blocked only by Docker storage I/O.
Verification: Restarted Docker Desktop, confirmed active Postgres/Redis exec worked, started local platform, ran BASE=http://localhost:8080 bash tests/e2e/test_peer_visibility_mcp_local.sh.
Result: falsified/updated. Docker was one blocker; after restart, the E2E exposed a second blocker in the shell scripts: empty array expansion under set -u.
Updated working theory: use bash-3-safe optional-array expansion for optional curl headers.

Comprehensive testing performed

  • bash -n tests/e2e/_lib.sh && bash -n tests/e2e/lib/peer_visibility_assert.sh && bash -n tests/e2e/test_peer_visibility_mcp_local.sh -> bash-syntax-ok
  • After Docker Desktop restart + local platform boot on localhost:8080:
    • BASE=http://localhost:8080 bash tests/e2e/test_poll_mode_e2e.sh -> 22 passed, 0 failed
    • BASE=http://localhost:8080 bash tests/e2e/test_peer_visibility_mcp_local.sh -> GATE PASSED (LOCAL) with hermes OK, openclaw OK, claude-code OK

Local-postgres E2E run

Local Postgres/Redis from Docker Desktop after restart, with DATABASE_URL=postgres://dev:dev@localhost:5432/molecule?sslmode=disable and REDIS_URL=redis://localhost:6379. Evidence: poll-mode E2E passed 22 passed, 0 failed; peer-visibility MCP local gate passed for hermes/openclaw/claude-code.

Staging-smoke verified or pending

N/A for this PR: local E2E shell portability fix only. CI E2E Peer Visibility (local) is the relevant gate and passed.

Root-cause not symptom

Root cause was bash 3.2 + set -u treating empty array expansions like ${ADMIN_AUTH[@]} / ${org_header[@]} as unbound when optional auth/org headers were absent in local dev mode.

Five-Axis review walked

Correctness: only optional empty array expansions changed. Readability: uses established bash-3-compatible idiom. Architecture: no new abstraction. Security: does not add credential handling or logging. Performance: no meaningful runtime impact.

No backwards-compat shim / dead code added

Yes. This is a direct portability fix in the existing scripts; no shim or dead code path was added.

Memory/saved-feedback consulted

No task-specific saved memory hit for this repo/workflow in current memory search. Applied current AGENTS/SOP instructions and existing repo gates.

Verification

  • bash -n tests/e2e/_lib.sh && bash -n tests/e2e/lib/peer_visibility_assert.sh && bash -n tests/e2e/test_peer_visibility_mcp_local.sh -> bash-syntax-ok
  • After Docker Desktop restart + local platform boot on localhost:8080:
    • BASE=http://localhost:8080 bash tests/e2e/test_poll_mode_e2e.sh -> 22 passed, 0 failed
    • BASE=http://localhost:8080 bash tests/e2e/test_peer_visibility_mcp_local.sh -> GATE PASSED (LOCAL) with hermes OK, openclaw OK, claude-code OK

Coverage ledger

file/function branch/condition test name red/green evidence drift caught
tests/e2e/_lib.sh::e2e_mint_test_token admin_auth empty when no admin bearer is configured test_peer_visibility_mcp_local.sh via token mint path Red: no bearer minted / empty-array expansion under macOS bash; Green: peer visibility gate minted tokens and passed Local E2E unable to drive MCP because optional admin header is absent
tests/e2e/lib/peer_visibility_assert.sh::pv_assert_runtime org_header empty for local single-tenant backend test_peer_visibility_mcp_local.sh literal MCP calls Red: org_header[@]: unbound variable; Green: every runtime got HTTP 200 and expected peers Local backend cannot omit SaaS org header under macOS bash
tests/e2e/test_peer_visibility_mcp_local.sh ADMIN_AUTH empty for local dev-mode admin calls / cleanup test_peer_visibility_mcp_local.sh preflight, create, cleanup Red: ADMIN_AUTH[@]: unbound variable; Green: parent + siblings created, MCP checked, scoped cleanup ran Local E2E exits before real platform verification when no admin token is needed

Idempotency notes

E2E script cleanup remains scoped to workspaces created by that run. No blanket cleanup was added.

Loki query

N/A — local E2E shell portability only.

Tier

tier:low

## What Fixes local E2E shell helpers so empty optional header arrays work on macOS `/bin/bash` 3.2 with `set -u`. ## Why While completing SOP Stage C for the multi-external-workspace work, Docker restart fixed the local infra, but `tests/e2e/test_peer_visibility_mcp_local.sh` failed before issuing MCP calls because empty `ADMIN_AUTH[@]` / `org_header[@]` expansions are unbound under macOS bash 3.2. The script explicitly claims macOS bash 3.2 compatibility, so the gate itself needed the portability fix. ## Brief-falsification log [H1] Local Stage C was blocked only by Docker storage I/O. Verification: Restarted Docker Desktop, confirmed active Postgres/Redis exec worked, started local platform, ran `BASE=http://localhost:8080 bash tests/e2e/test_peer_visibility_mcp_local.sh`. Result: falsified/updated. Docker was one blocker; after restart, the E2E exposed a second blocker in the shell scripts: empty array expansion under `set -u`. Updated working theory: use bash-3-safe optional-array expansion for optional curl headers. ## Comprehensive testing performed - `bash -n tests/e2e/_lib.sh && bash -n tests/e2e/lib/peer_visibility_assert.sh && bash -n tests/e2e/test_peer_visibility_mcp_local.sh` -> `bash-syntax-ok` - After Docker Desktop restart + local platform boot on `localhost:8080`: - `BASE=http://localhost:8080 bash tests/e2e/test_poll_mode_e2e.sh` -> `22 passed, 0 failed` - `BASE=http://localhost:8080 bash tests/e2e/test_peer_visibility_mcp_local.sh` -> `GATE PASSED (LOCAL)` with `hermes OK`, `openclaw OK`, `claude-code OK` ## Local-postgres E2E run Local Postgres/Redis from Docker Desktop after restart, with `DATABASE_URL=postgres://dev:dev@localhost:5432/molecule?sslmode=disable` and `REDIS_URL=redis://localhost:6379`. Evidence: poll-mode E2E passed `22 passed, 0 failed`; peer-visibility MCP local gate passed for hermes/openclaw/claude-code. ## Staging-smoke verified or pending N/A for this PR: local E2E shell portability fix only. CI `E2E Peer Visibility (local)` is the relevant gate and passed. ## Root-cause not symptom Root cause was bash 3.2 + `set -u` treating empty array expansions like `${ADMIN_AUTH[@]}` / `${org_header[@]}` as unbound when optional auth/org headers were absent in local dev mode. ## Five-Axis review walked Correctness: only optional empty array expansions changed. Readability: uses established bash-3-compatible idiom. Architecture: no new abstraction. Security: does not add credential handling or logging. Performance: no meaningful runtime impact. ## No backwards-compat shim / dead code added Yes. This is a direct portability fix in the existing scripts; no shim or dead code path was added. ## Memory/saved-feedback consulted No task-specific saved memory hit for this repo/workflow in current memory search. Applied current AGENTS/SOP instructions and existing repo gates. ## Verification - `bash -n tests/e2e/_lib.sh && bash -n tests/e2e/lib/peer_visibility_assert.sh && bash -n tests/e2e/test_peer_visibility_mcp_local.sh` -> `bash-syntax-ok` - After Docker Desktop restart + local platform boot on `localhost:8080`: - `BASE=http://localhost:8080 bash tests/e2e/test_poll_mode_e2e.sh` -> `22 passed, 0 failed` - `BASE=http://localhost:8080 bash tests/e2e/test_peer_visibility_mcp_local.sh` -> `GATE PASSED (LOCAL)` with `hermes OK`, `openclaw OK`, `claude-code OK` ## Coverage ledger | file/function | branch/condition | test name | red/green evidence | drift caught | |---|---|---|---|---| | `tests/e2e/_lib.sh::e2e_mint_test_token` | `admin_auth` empty when no admin bearer is configured | `test_peer_visibility_mcp_local.sh` via token mint path | Red: no bearer minted / empty-array expansion under macOS bash; Green: peer visibility gate minted tokens and passed | Local E2E unable to drive MCP because optional admin header is absent | | `tests/e2e/lib/peer_visibility_assert.sh::pv_assert_runtime` | `org_header` empty for local single-tenant backend | `test_peer_visibility_mcp_local.sh` literal MCP calls | Red: `org_header[@]: unbound variable`; Green: every runtime got HTTP 200 and expected peers | Local backend cannot omit SaaS org header under macOS bash | | `tests/e2e/test_peer_visibility_mcp_local.sh` | `ADMIN_AUTH` empty for local dev-mode admin calls / cleanup | `test_peer_visibility_mcp_local.sh` preflight, create, cleanup | Red: `ADMIN_AUTH[@]: unbound variable`; Green: parent + siblings created, MCP checked, scoped cleanup ran | Local E2E exits before real platform verification when no admin token is needed | ## Idempotency notes E2E script cleanup remains scoped to workspaces created by that run. No blanket cleanup was added. ## Loki query N/A — local E2E shell portability only. ## Tier tier:low
hongming added 1 commit 2026-05-21 19:41:28 +00:00
test(e2e): support empty auth headers on mac bash
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Waiting to run
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 6s
Details
CI / Detect changes (pull_request) Successful in 10s
Details
CI / Python Lint & Test (pull_request) Successful in 11s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 14s
Details
E2E Chat / detect-changes (pull_request) Successful in 13s
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Has been skipped
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 8s
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Successful in 1m3s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 6s
Details
Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 4s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 5s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m12s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 5s
Details
qa-review / approved (pull_request) Failing after 4s
Details
security-review / approved (pull_request) Failing after 3s
Details
CI / Platform (Go) (pull_request) Successful in 1s
Details
CI / Canvas (Next.js) (pull_request) Successful in 2s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 9s
Details
CI / all-required (pull_request) Successful in 3m40s
Details
E2E Chat / E2E Chat (pull_request) Successful in 5s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 59s
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
sop-checklist / review-refire (pull_request) Has been skipped
Details
sop-checklist / all-items-acked (pull_request) Successful in 4s
Details
gate-check-v3 / gate-check (pull_request) Successful in 4s
Details
sop-tier-check / tier-check (pull_request) Successful in 5s
Details
audit-force-merge / audit (pull_request) Successful in 6s
Details
eb21a02b6d
hongming merged commit 07b465f13d into main 2026-05-21 19:48:10 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
area/ci
CI/CD pipeline issues
 do-not-auto-merge
Opt out of autonomous merge-queue merging
 kind/infrastructure
Infrastructure-related issues
 merge-queue
Ready for serialized Gitea merge queue
 merge-queue-hold
Temporarily hold PR in merge queue
 platform/go
Go platform test issues
 release-blocker
Blocks the staging→main promotion / a release
 release-test
security
test-label-sre
tier:high
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
 tier:low
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
 tier:medium
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
 triage-test
test
 wip
Work in progress — do not auto-merge
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#1648
Delete Branch "fix/e2e-bash32-empty-array"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?